From 30e11b1bbf37fcb88564153b8724b67044f79d6c Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Tue, 6 Aug 2019 15:26:41 +0100
Subject: [PATCH] ldap: Authenticate using Kerberos
Signed-off-by: Michael Tremer
---
 src/backend/accounts.py | 18 +++++++++++++-----
 src/backend/base.py | 1 +
 2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/src/backend/accounts.py b/src/backend/accounts.py
index 1e586fc5..d49ed5e7 100644
--- a/src/backend/accounts.py
+++ b/src/backend/accounts.py
@@ -5,6 +5,7 @@ import datetime
 import ldap
 import ldap.modlist
 import logging
+import os
 import phonenumbers
 import sshpubkeys
 import time
@@ -17,6 +18,9 @@ from . import util
 from .decorators import *
 from .misc import Object
+# Set the client keytab name
+os.environ["KRB5_CLIENT_KTNAME"] = "/etc/ipfire.org/ldap.keytab"
+
 class Accounts(Object):
 def init(self):
 self.search_base = self.settings.get("ldap_search_base")
@@ -39,11 +43,15 @@ class Accounts(Object):
 retry_max=10, retry_delay=3)
 def _authenticate(self):
- # Bind with username and password
- self.ldap.simple_bind(
- self.settings.get("ldap_bind_dn"),
- self.settings.get("ldap_bind_pw", ""),
- )
+ # Authenticate against LDAP server using Kerberos
+ self.ldap.sasl_gssapi_bind_s()
+
+ def test_ldap(self):
+ logging.info("Testing LDAP connection...")
+
+ self._authenticate()
+
+ logging.info("Successfully authenticated as %s" % self.ldap.whoami_s())
 def _query(self, query, attrlist=None, limit=0, search_base=None):
 logging.debug("Performing LDAP query: %s" % query)
diff --git a/src/backend/base.py b/src/backend/base.py
index 40cc70a0..19797edb 100644
--- a/src/backend/base.py
+++ b/src/backend/base.py
@@ -94,6 +94,7 @@ class Backend(object):
 "cleanup" : self.cleanup,
 "scan-files" : self.releases.scan_files,
 "send-all-messages" : self.messages.queue.send_all,
+ "test-ldap" : self.accounts.test_ldap,
 "tweet" : self.tweets.tweet,
 "update-blog-feeds" : self.blog.update_feeds,
 }
--
2.39.2
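Review bot: In the second hunk of src/backend/accounts.py, the assignment `os.environ["KRB5_CLIENT_KTNAME"] = "/etc/ipfire.org/ldap.keytab"` runs at import time and unconditionally overwrites any value the operator set in the service environment, so a deployment cannot point the process at a different keytab without editing the source. `os.environ.setdefault("KRB5_CLIENT_KTNAME", "/etc/ipfire.org/ldap.keytab")` keeps the default while honouring an existing value. The variable is process-wide, so any other GSSAPI client in this process would pick up the same keytab, not only the LDAP connection. The existing comment could be extended to `# Client keytab for the LDAP service principal; long-lived credential, must be readable only by the service account`.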
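Review bot: Nothing in `_authenticate` (third hunk of src/backend/accounts.py) pins how the session is protected once the bind succeeds: `sasl_gssapi_bind_s()` is called with defaults, and the connection setup lies outside this hunk, so it cannot be seen here whether TLS or a SASL security layer is enforced. If the server URI is plain `ldap://`, consider requiring a minimum strength before binding, e.g. `self.ldap.set_option(ldap.OPT_X_SASL_SSF_MIN, MIN_SSF)` with `MIN_SSF` a placeholder for a value chosen for the deployment, so that a session without the required protection is refused rather than silently accepted. Separately, `test_ldap` formats its message eagerly; `logging.info("Successfully authenticated as %s", self.ldap.whoami_s())` is the usual logging form, and a one-line docstring saying the method binds and logs the resulting identity would help.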